The difference between tracert and traceroute

The fact that Windows tracert operates differently from the traceroute command on Cisco devices will almost always lead to an interesting discussion, mainly because many people are not aware of the real differences between these two utilities. They are merely aware of the spelling difference, and how could you blame them? Both commands give you very similar results and perform the same function.

Let’s look at a tracert from a Microsoft Windows workstation:

What to know here is that the Windows tracert utility relies on ICMP echo requests. (So this is nothing more than an extension of a simple ping.)

The other key difference between Windows and Cisco is that when the destination is reached, it replies with an ICMP echo reply:

Now when we look at the traceroute utility from a Cisco device:

Now the packets:

What we see here is a UDP packet with a destination port of 33434 (The source port is almost always random), not an ICMP echo packet.

Now with Cisco, the destination will not answer with a reply packet but, surprisingly enough, with a destination unreachable packet. See below (notice the source of the IP packet: it's the destination of our traceroute).
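As an added example (not part of the original post), the Python sketch below labels raw IPv4 packets by their role in either exchange, using the probe quoted inside an ICMP error to tell which utility started the trace. The function names, the packet builders for constructed samples, and the 100-port window above 33434 are assumptions of this example.

```python
import struct

UDP_BASE = 33434     # destination port of the Cisco probe, as stated in the article
UDP_WINDOW = 100     # assumption: later probes may step upward from the base port
ICMP, UDP = 1, 17    # IPv4 protocol numbers

def ipv4(src, dst, proto, payload, ttl=64):
    """Wrap payload in a minimal 20-byte IPv4 header (checksum left at 0)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       ttl, proto, 0, addr(src), addr(dst)) + payload

def icmp(icmp_type, code, data=b""):
    """ICMP header: type, code, checksum (0 here), 4 bytes id/seq or unused."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + data

def udp(sport, dport):
    """UDP header with no payload (length 8, checksum 0)."""
    return struct.pack("!HHHH", sport, dport, 8, 0)

def probe_kind(pkt):
    """Return 'icmp-echo' or 'udp' if pkt looks like a trace probe, else None."""
    if len(pkt) < 20:
        return None
    body = pkt[(pkt[0] & 0x0F) * 4:]
    if pkt[9] == ICMP and body[:1] == b"\x08":
        return "icmp-echo"
    if pkt[9] == UDP and len(body) >= 4:
        dport = struct.unpack("!H", body[2:4])[0]
        if UDP_BASE <= dport < UDP_BASE + UDP_WINDOW:
            return "udp"
    return None

def classify(pkt):
    """Label one raw IPv4 packet as (role, probe kind) within a trace."""
    kind = probe_kind(pkt)
    if kind:
        return ("probe", kind)
    body = pkt[(pkt[0] & 0x0F) * 4:] if len(pkt) >= 20 else b""
    if len(body) < 8 or pkt[9] != ICMP:
        return ("other", None)
    quoted = body[8:]                  # ICMP errors quote the probe that caused them
    if body[0] == 0:                   # echo reply: the target answered a tracert probe
        return ("destination", "icmp-echo")
    if body[0] == 11:                  # time exceeded: a router on the path
        return ("hop", probe_kind(quoted))
    if body[0] == 3 and pkt[12:16] == quoted[16:20]:
        return ("destination", probe_kind(quoted))  # unreachable sent by the target itself
    return ("other", None)
```

A firewall rule set that permits only ICMP echo will let tracert through while UDP-based traces fail, and vice versa, so packet-level labels like these help confirm which probe type a filter is actually dropping.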

One Response

[…] from target back to the host. The time exceeded packet is returned to the host when performing a traceroute. The fragment needed but DF bit set packet is used for path MTU discovery and can be used to […]